Event Record #/Type50118 / Warning

Event Submitted/Written: 03/21/2008 02:40:10 PM

Event ID/Source: 1524 / Userenv

Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type50111 / Warning

Event Submitted/Written: 03/19/2008 03:31:25 PM

Event ID/Source: 1524 / Userenv

Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type50104 / Warning

Event Submitted/Written: 03/17/2008 01:04:39 PM

Event ID/Source: 1524 / Userenv

Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type50097 / Warning

Event Submitted/Written: 03/17/2008 00:15:09 AM

Event ID/Source: 1524 / Userenv

Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type50084 / Warning

Event Submitted/Written: 03/16/2008 10:53:27 PM

Event ID/Source: 1524 / Userenv

Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type99757 / Warning

Event Submitted/Written: 03/21/2008 09:55:20 PM

Event ID/Source: 3004 / WinDefend

Event Description: %ANOOP27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANOOP27 can't undo changes that you allow.

For more information please see the following:%ANOOP275

Scan ID: {97DDBB0B-1967-4FF1-9F07-A4ED3ADBED52}

User: ANOOP\sindhu

Name: %ANOOP271

ID: %ANOOP272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANOOP276

Alert Type: %ANOOP278

Detection Type: 1.1.1593.02

Event Record #/Type99756 / Warning

Event Submitted/Written: 03/21/2008 09:55:20 PM

Event ID/Source: 3004 / WinDefend

Event Description: %ANOOP27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANOOP27 can't undo changes that you allow.

For more information please see the following:%ANOOP275

Scan ID: {9EB2C9E9-1320-446A-B4DF-1A59373635C9}

User: ANOOP\sindhu

Name: %ANOOP271

ID: %ANOOP272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANOOP276

Alert Type: %ANOOP278

Detection Type: 1.1.1593.02

Event Record #/Type99755 / Warning

Event Submitted/Written: 03/21/2008 09:55:20 PM

Event ID/Source: 3004 / WinDefend

Event Description: %ANOOP27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANOOP27 can't undo changes that you allow.

For more information please see the following:%ANOOP275

Scan ID: {B1C7CE96-6FE8-4CE2-8371-52EF5073903C}

User: ANOOP\sindhu

Name: %ANOOP271

ID: %ANOOP272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANOOP276

Alert Type: %ANOOP278

Detection Type: 1.1.1593.02

Event Record #/Type99754 / Warning

Event Submitted/Written: 03/21/2008 09:55:17 PM

Event ID/Source: 3004 / WinDefend

Event Description: %ANOOP27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANOOP27 can't undo changes that you allow.

For more information please see the following:%ANOOP275

Scan ID: {F73F700A-4F64-466A-B7FE-B8B200D6E2DA}

User: ANOOP\sindhu

Name: %ANOOP271

ID: %ANOOP272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANOOP276

Alert Type: %ANOOP278

Detection Type: 1.1.1593.02

Event Record #/Type99753 / Warning

Event Submitted/Written: 03/21/2008 09:55:17 PM

Event ID/Source: 3004 / WinDefend

Event Description: %ANOOP27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ANOOP27 can't undo changes that you allow.

For more information please see the following:%ANOOP275

Scan ID: {C4A2EB21-CCAD-44D0-A720-0A16FFDF4A09}

User: ANOOP\sindhu

Name: %ANOOP271

ID: %ANOOP272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ANOOP276

Alert Type: %ANOOP278

Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-03-21 21:55:43 ------------

littlebull_25

Posted 22 March 2008 - 12:07 PM

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab

Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

Double click on combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

anpsi

Posted 23 March 2008 - 08:56 AM

Hi Littlebull!!

I had downloaded the Windows Recovery Console from Microsoft and moved to Combofix.exe as per the instructions given but in the report it says the system did not download. I have it in my comp saved. I hope I will not have any prob of back up.

littlebull_25

Posted 27 March 2008 - 04:18 PM

Hello anpsi,

Sorry it took so long, sometimes it might take a couple days, as I am in training and have to have my fix approved from experts before I can post it to you, please be patient as we disinfect your logs. And yes your computer is infected, and we don't want to leave anything in the logs, doing so can cause a reinfection.

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.

anpsi

Posted 27 March 2008 - 06:41 PM

Hi littlebull!!!...

Sorry for being impatient. Just wanted to get over with this headache. I understand you need to consult with your seniors. Take your time.
I have a doubt here. When you asked me first to do this Jotti scan, I went and searched for this file in Windows Folder and on finding it, I sent a copy to the desktop. After a while I deleted it and even removed it from the Recycle Bin. I did that when I couldn't copy paste it then, thought of uploading and then submitting. Is that the reason the file is empty?.... Although it was just the copy.... I also tried to restore my computer to a previous time to retrieve this file. Is there any other way to retrieve files on deleting from Recycle Bin?.....